Bahar Ferguson
Cyberattacks are on the rise. As all kinds of cyberattacks become more prevalent, businesses and individuals risk sharing personal information or company information with the wrong person.
When it comes to businesses, a common cyberattack can cost as much as $4.25 million. On top of that, companies need to learn how to keep sensitive company information safe in the new work-from-home dynamic.
Outside of businesses, individuals aren’t aware of how a cyberattack can impact their personal well-being. One study showed that 44 percent of people don’t believe they are a worthwhile target for hackers to attack.
Hackers don’t need much to succeed. All it takes is for one individual to be fooled by their tactics, and they get the personal or sensitive data they need.
What is Social Engineering?
Social engineering is when someone makes an active effort to exploit an individual in hopes of receiving personal or company-specific information. These hackers work to gather specific information about the individual and use it to build trust to try to receive what they’re looking for. Hackers pretend they are someone they aren’t, posing as a friend, colleague, boss or company. From there, they contact you asking for credit card information, passwords or access to company files.
There are three common methods of social engineering:
Phishing
Phishing is when you receive an email from someone pretending to be someone they aren’t. If you work for a company, they may request access to passwords or sensitive data that could lead to a data breach. Phishers will generally act as executives or someone from the accounting team at work and ask for a favor of some sort that would provide them with what they’re looking for.
For individuals, phishers may ask for your credit card number, Social Security number or passwords. They may pretend to be a business you recently shopped with, saying you owe money. These emails could claim you won a large sum of money and your credit card number is needed to claim the prize. Either way, it is important to be aware of the language within these emails.
Here are a few things to look out for when you receive an email that seems out of place:
• The content sparks a sense of urgency or requires your immediate attention.
• It contains unusual hyperlinks or attachments.
• It claims something that is “too good to be true.”
• It has a strange or poorly written subject line.
• It came from an email address that’s outside of your organization.
• It has misspellings or bad grammar, or makes an illogical request.
Smishing
Have you ever gotten a strange text message from a random number claiming you won money or your phone bill was recently paid? Maybe it was coming from a business but it wasn’t the usual phone number you receive text messages from. Smishing is a form of phishing where phishers will ask for personal information or data via text message. These commonly have a hyperlink included and come from unfamiliar numbers. If you receive any short message service updates from businesses, you may be especially susceptible to falling for these types of attacks.
Vishing
Fraudulent phone calls happen all the time. From fake IRS calls to telemarketing attacks, these types of fraudulent activity are considered vishing. Vishing is when phishers use voice messages and calls to gather personal data from you or your company. Be cautious as the numbers often seem ordinary and don’t look like a threat. However, if you answer the call and end up giving any of your personal information, you can be in some real trouble.
Phishing Attack Prevention Tips
Phishing attacks are everywhere and the best way to prevent them is to become more aware of their presence. Here are a few things individuals and companies can start doing today:
• Change passwords regularly.
• Don’t give out personal information unless you trust and can verify a website or email.
• Don’t click on links in emails.
• Don’t open attachments.
• Always check with the individual in person if you’re unsure.
If you fall for a phishing attack, you’ll want to contact your financial institutions and freeze your credit cards to prevent fraudulent activity.
If you’re a business owner, your employees may benefit from annual cybersecurity awareness training. These types of classes can keep cyberattacks top of mind for employees and help them in their professional and personal lives.
Remember: The best way to prevent phishing attacks of any kind is to become more aware of them. Be cautious with the emails, calls and text messages you receive. If you feel like something is off, most likely something is.
Bahar Ferguson is president of Wasatch I.T., a Utah provider of outsourced IT and managed compliance services for small and medium-sized businesses.